Slashdot Mirror


Apple Tells App Developers To Disclose Or Remove Screen Recording Code (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps -- or face removal from the app store, TechCrunch can confirm. In an email, an Apple spokesperson said: "Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity." "We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary," the spokesperson added.

It follows an investigation by TechCrunch that revealed major companies, like Expedia, Hollister and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside the app. We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user's app activity. Even though sensitive data is supposed to be masked, some data -- like passport numbers and credit card numbers -- was leaking.

12 of 33 comments

  1. No problem by JustAnotherOldGuy · · Score: 1

    I'm sure that no one would ever misuse all that sweet sweet private information like password and account numbers and logins and private nude pics.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  2. "Screen recording" by Dan+East · · Score: 2

    And once again the misnomer "Screen recording" is being used inaccurately in the headline to draw more attention. "Screen recording" is a phrase that has a specific meaning, and there is no screen recording going on. I don't feel like typing it all again... https://slashdot.org/comments....

    (I'm not condoning or defending this practice, but just clarifying that the screen is not literally being recorded and streamed as video)

    --
    Better known as 318230.
    1. Re:"Screen recording" by Anonymous Coward · · Score: 1

      Glassbox does also send screenshots back to the developer: http://theappanalyst.com/aircanada.html

  3. Sure, that will solve the problem by Anonymous Coward · · Score: 2, Interesting

    Did you know that every app in the App Store is required to link to a privacy policy if it records data? If you did, do you know how to find that link?

    It's in the "information" box that is helpfully hidden way at the bottom - but not all the way at the bottom - of an app's page on the App Store. If you scroll to the bottom you won't see it because you'll have gone past it.

    So all this is going to do is make the apps doing this add it to that privacy policy most people probably aren't aware even exists because it's hidden below the "app compatibility" and "supported languages" sections.

    1. Re:Sure, that will solve the problem by Dru+Nemeton · · Score: 1

      Hyperbole much?

      It's not hidden. It's very easy to find since in the "Information" box (2 of 3 for each app) it's the only blue link and the only entry with an icon. (A blue hand which is the same icon used in iOS for "Privacy" as you can see in the Settings app.)

  4. Did they bother to protect users by AHuxley · · Score: 1

    from PRISM?

    --
    Domestic spying is now "Benign Information Gathering"
  5. Experienced something similar as a developer by cerberusss · · Score: 4, Informative

    I'm an app developer and years ago, started with an app in the App Store and included one of those free analytics libraries. It's quite useful, you get the crash reports coming in as they occur in the field. At some point, I was very proud to have solved nearly all crashes.

    Then I felt like people needed to be able to opt out. So I built a screen with a simple checkmark, and looked at their API to turn off data collection. Turns out, it's not there. To opt out as a user you needed to go to a web page, and fill in your email address. I thought to myself, what? What the fucking what? How can you relate crash reports with an email address? Then I realized that's what free means. I should never have started with it.

    Note: this was in 2012/2013, and as a starting iOS developer, I was pretty naive. First of all I should've built my own lightweight crash reporter. Second of all, it should've been opt-in.

    I've tried Localytics, Crashlytics and Flurry. They all have severe privacy problems in my opinion. I have simply removed them from my app, because I kept feeling bad for my users.

    --
    8 of 13 people found this answer helpful. Did you?
    1. Re:Experienced something similar as a developer by AmiMoJo · · Score: 1

      Fortunately that's illegal now. GDPR requires explicit opt-in. Opt-out and requiring an email address to do so are not allowed.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Experienced something similar as a developer by BringsApples · · Score: 1

      Thank you! I hope there are many more developers like you out there that keep the users' privacy in mind.

      --
      Politics; n. : A religion whereby man is god.
  6. Like AirCanada app using Glassbox by grumpy-cowboy · · Score: 1

    Extract : "Air Canada is unsuccessful in obfuscating credit card and password information. As a result, sensitive data is being captured as images and potentially stored."

    ref: http://theappanalyst.com/airca...

    --
    Will $CURRENT_YEAR be the year of the Linux Desktop?
  7. Apple talks but does nothing by found404 · · Score: 1

    I can't reconcile the two statements below, like I can't reconcile nearly everything Apple does. If you're so serious about privacy and an app (or apps) completely violated this in such a violent and litigious way - why wait to do something? Toss them off the store... for good!

    What they captured without consent is so over the line, the response needs to be equally strong.

    "Protecting user privacy is paramount in the Apple ecosystem." ... "and will take immediate action if necessary"

  8. Re:Proprietary software = Spy vs. Spy by jbn-o · · Score: 1

    Apple is part of the UAE's "secret hacking team of American mercenaries" which seek to "help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy".

    What Apple tells people via its ads: "What happens on your iPhone, stays on your iPhone"

    Some of what Apple won't comment on: "The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists." (source: the aforementioned Reuters article)

    Additional commentary from the only comedy news program worth watching, Redacted Tonight.